'It's like playing whack-a-mole': A string of recent revelations paints a stark picture of Russia's ongoing campaign to meddle in the 2018 midterms

US government agencies and social media companies are taking
a proactive role in combatting Russian disinformation and
cyberattacks ahead of the November midterms.

But a string of recent revelations indicates that, if
anything, Russia and other foreign actors are using more
sophisticated methods to poke at the weak links in an already
explosive US political environment.

One cybersecurity expert described the process as playing
whack-a-mole.

"You whack that mole and he pops his head up somewhere else,"
he said. "You can never sit back and think you've got the
adversary figured out, because you don't."

The first sign of Moscow's meddling in the 2016 election came in
September 2015, when the FBI noticed that Russian hackers had
infiltrated a computer system belonging to the Democratic
National Committee.

Ad

Three years later, further reporting and testimony from current
and former intelligence officials have painted a portrait of
Russia's 2016 election interference as a multifaceted,
well-planned, and coordinated campaign aimed at undermining the
backbone of American democracy: free and fair elections.

Lawmakers and government officials have since said that they have
taken steps to combat malicious activity from foreign actors,
particularly as the 2018 midterms come around the corner.

But a string of recent revelations indicates that, if anything,
the US's adversaries are using more sophisticated methods to
continue to poke and prod at the weak links in an already
explosive domestic political environment.

Ad

Facebook and Twitter take center stage

source

Screenshot/Facebook

In July, Facebook announced that it had discovered and shut down
32 phony pages and profiles that were created between March 2017
and May 2018.

The social media giant said the accounts, many of which lawmakers
and experts linked to Russia, reached 290,000 users with ads,
events, and posts about politically divisive issues like
feminism, race, and fascism.

Facebook said one of the most popular pages it shut down was tied
to the Internet Research Agency, the notorious Russian troll farm
that the special counsel Robert Mueller charged with conspiring
to interfere in the 2016 election by mounting a social media
disinformation campaign to stoke political tensions.

One month later, Facebook announced it had removed an additional
652 fake accounts and pages that it said were used to influence
politics in the US, UK, Middle East, and Latin America. Most of
the pages, the company said, were linked to Russia and Iran.

Last week, Twitter joined the fray when it released a massive
trove of 10 million tweets it
said were tied to foreign influence operations it discovered on
its platform since 2016. The disclosure included information
about 3,841 accounts the company believes are linked to the IRA,
and 770 accounts it says originated in Iran.

Facebook and Twitter made up a key facet of Russia's
disinformation campaign during the 2016 campaign season.

Last year, Facebook sent shockwaves through the political sphere
when it revealed it had shuttered nearly 500 pages tied to the
IRA, which was also accused of buying targeted political ads that
approximately 10 million users saw.

Two months later, Twitter revealed to Congress that Russia-linked
accounts on its platform "generated approximately 1.4 million
automated, election-related tweets, which collectively received
approximately 288 million impressions" from September 1 to
November 15 of last year.

Both Facebook and Twitter drew criticism following the 2016
election for what critics said was an unwillingness to monitor
and root out fake accounts.

The companies' disclosures about state-backed influence campaigns
on their platforms in the months leading up to the midterms
appear to be an attempt at addressing those concerns, and
cybersecurity experts say the move is a step in the right
direction.

"What we're seeing is a concerted effort to sound the alarm about
a coordinated campaign at the highest levels of the Russian
government to interfere in our 2018 midterms," said John Carlin,
the former assistant attorney general for national security and
the chair of Morrison & Foerster's Global Risk and Crisis
Management group.

Jeff Bardin, the CIO of the cybersecurity firm Treadstone 71 and
a former member of the US Army and Air Force intelligence
community, said Facebook and Twitter made the right call in
publicly announcing influence operations on their platforms.

"I think they should have done it earlier, but better late than
never," he added.

From Cold War to code war

Lawmakers and experts say that as Facebook, Twitter, and other
social media companies take a more proactive role in rooting out
influence operations, foreign actors have also begun using more
sophisticated methods to cover their tracks.

On Facebook, for instance, some Russia-linked accounts used third parties to buy ads
on their behalf and didn't use Russian IP addresses or pay with
Russian currency.

The company also said the phony accounts shifted their attention
to more heavily promoting events and rallies, which Facebook
doesn't monitor as closely as politically targeted ads.

Larry Johnson, the CEO of CyberSponse and a 24-year veteran of
the US Secret Service, described the process of countering
Russia's activities as playing whack-a-mole.

"You whack that mole and he pops his head up somewhere else,"
Johnson said. "So it's all about continuously being vigilant and
building walls. You can never sit back and think you've got the
adversary figured out, because you don't."

Bardin echoed that view.

"Politics is a reflex for a lot of people," he said. "It's all
emotion and feeling and thought without evidence, and the
Russians love that. They know people are going to go with what
makes them feel good - the comfortable lie instead of the
inconvenient truth - and their specialty is tapping into that."

Carlin, who previously served as Mueller's chief of staff at the
FBI, compared the Russians' use of information warfare to a
modern-day "code war."

"It's not like traditional warfare," he said. "There's this
low-intensity conflict happening day in and day out affecting
companies or individuals or, in this case, our democracy. And
like the Cold War, in the code war, the leader of the free world
has to take charge."

"He has to recognize that this is not an attack on one person or
party, but on us as Americans," he added.

Déjà vu

Social media isn't the only avenue Russia and other foreign
actors are using to meddle in the upcoming midterms.

Earlier this month, NBC News reported that the US
Department of Homeland Security said it has identified an
increasing number of attempted cyber attacks on US election
infrastructure ahead of the November elections, and is working to
figure out who or what is behind them.

The disclosure is reminiscent of the revelation last year that
election systems in as many as 39 states could have been attacked
during the 2016 election, though voting tallies are not believed
to have been altered or manipulated in any way.

The news was bolstered by a leaked NSA document published by The
Intercept detailing how hackers connected to Russian military
intelligence had attempted to breach US voting systems days
before the election.

This month, the department's Cyber Mission Center said in an
intelligence assessment obtained by NBC News that it is "aware of
a growing volume of cyber activity targeting election
infrastructure in 2018."

"Numerous actors are regularly targeting election infrastructure,
likely for different purposes, including to cause disruptive
effects, steal sensitive data, and undermine confidence in the
election," the assessment continued, adding that while the
federal government does not yet know who is behind the attacks,
all of them were either prevented or mitigated.

Both Russia and China are actively working to influence the US
political atmosphere, the assessment reportedly said, by
spreading disinformation with hackers posing as Americans and
through more conventional propaganda efforts.

"The Russians see that they had a lot of success with the 2016
election cycle and what it did to American political discourse
and how it took over our news cycles," said David Kennedy, the
CEO of the cybersecurity firm TrustedSec and a former hacker for
the National Security Agency and the Marine Corps.

"So obviously now we're going to see more mentions of them in
news cycles, but they don't slow down in between elections," he
said. "It's a concerted effort, a concerted campaign, focused on
causing as much disruption as they can for anything that's
happening."

'Russia is accelerating its campaign and this isn't the last - or
worst - we'll see of it'

caption

Robert Mueller.

source

AP Photo/Andrew Harnik

Experts say that despite President Donald Trump's apparent
reluctance to publicly condemn Russia and other foreign actors
for their meddling, they're encouraged that the rest of the US
government has been aggressive in identifying and publicly
prosecuting foreign agents.

Mueller has so far charged 25 Russian nationals and three Russian
entities as part of his investigation into Russia's interference
in the 2016 election.

And on September 25, the DOJ announced a new policy on the
disclosure of foreign influence operations.

The updated guidelines say the DOJ will "investigate, disrupt,
and prosecute the perpetrators of illegal foreign influence
activities where feasible," and that it will alert "victims and
unwitting targets" of such activities whenever possible.

The guidelines also say that while investigative or operational
considerations may sometimes bar the DOJ from disclosing foreign
influence operations, "public exposure and attribution of foreign
influence operations can be an important means of countering the
threat and rendering those operations less effective."

Three days after the new policy was announced, the DOJ indicted a Russian woman
working for a close ally of Russian President Vladimir Putin with
conspiring to meddle in the 2018 midterms. The charging document
was made public last week.

Prosecutors said the disinformation campaign the woman, Elena
Khusyaynova, was involved in created thousands of email and
social-media accounts to conduct "information warfare against the
United States."

They added that the operation, "Project Lakhta," had a budget of
more than $35 million and "continues to this day."

The same day prosecutors announced Khusyaynova's indictment, the
Office of the Director of National Intelligence warned in a joint
statement with the DOJ, the FBI, and the DHS that Russia and
other actors like China and Iran
were conducting "ongoing campaigns" that were designed to
"undermine confidence in democratic institutions and influence
public sentiment and government policies" and could include
meddling in the midterms and even the 2020 election.

Kennedy said tracing malicious activity back to specific
individuals and naming them in indictments helps the US because
it leads to political backlash.

"One thing we haven't really done a good job on is the cyber
front," he said. "We've been going after the money flow and
applying political and economic pressure in the hopes that it
would slow them down. But we haven't seen that yet. If anything,
Russia is accelerating its campaign and this isn't the last - or
worst - we'll see of it."

Carlin agreed.

"What we've already seen is that this is of pretty enormous
scope," he said of Russia's operation. "I don't think we've ever
seen anything like it."